Cyber-attack on Sony Pictures changes the Internet business landscape

‘C’ is for “cyber”. Is World War C starting? It could be. A possible cyber-attack against North Korea may be in progress but the nature of the attack and who might be behind it remain shrouded in mystery at the moment. Various network infrastructure monitors have detected intermittent Internet access outages in North Korea over the last 24 hours that have been described as “unusual”. Reuters reports…

Doug Madory, director of Internet analysis at Dyn Research, which detected the North Korean Internet outage, said: “For the past 24 hours North Korea’s connectivity to the outside world has been progressively getting degraded to the point now that they are totally offline.

“There’s either a benign explanation – their routers are perhaps having a software glitch; that’s possible. It also seems possible that somebody can be directing some sort of an attack against them and they’re having trouble staying online,” he said.

The United States government had earlier blamed North Korea for a massive cyber-attack on Sony Pictures Entertainment (SPE) in November that resulted in unprecedented loss of data and leakage of highly-sensitive company information including thousands of revealing email exchanges between employees and between top executives. The hacker group Guardians of Peace (GOP) claimed responsibility for the attack and subsequent leak of stolen data to the public. The GOP then issued threats in mid-December against distributors and exhibitors of The Interview, a comedy film that includes in its story the assassination of North Korea leader Kim Jong-un, that eventually prompted SPE to pull its Christmas release.

The attack on Sony by the GOP and Sony’s subsequent pulling of The Interview have angered many Americans who see this as an attack on the very heart of their way of life. Sony staff, for their part, are outraged and even frightened. One employee’s account of the experience shortly following the attack describes the personal impact of the crisis…

I decided that I’m never going to access any of my financial accounts on my work computer ever again. If I need to do something urgently, I’ll use my smartphone, or I’ll go home and do it. It’s not worth the risk.

US president Barack Obama vowed to retaliate “in a place and time and manner that we choose.” The North Korean government, however, denies responsibility for the attack and the threats that led to the cancellation of the Christmas screening of The Interview. Nonetheless, the question remains: is North Korea responsible?

A report published on the HP Security Research blog offers some clues…

The [tools, techniques and procedures (TTPs)] used in the attack on SPE seem to mirror what is known about North Korean actor TTPs. The attacks on SPE used wiper malware, which wipes both the MBR and all host data. This is very similar to the behavior of the malware used in previous attacks attributed to North Korea. While the data exfiltration method used in the attack on SPE is currently unknown, North Korea has also been known to use malware that targets and exfiltrates data in attacks on South Korean military interests.

Additionally, the actors who targeted SPE left a defacement with graphics and a message to the victim. This tactic has been seen in attacks attributed to the North Korean threat actor groups WhoIs Team, IsOne, and Hastati. All of these groups were associated with the DarkSeoul malware and Operation Troy. According to statements from the South Korean government, North Korea’s Lab 110, were the actors behind the DarkSeoul malware. Lab 110, suspected to be part of North Korea’s Unit 121, are reported to maintain technical reconnaissance teams responsible for infiltrating computer networks, hacking to obtain intelligence, and planting viruses on enemy networks. Additionally, the malware used to attack SPE was written using a Korean language pack, as were malware samples previously attributed to North Korean origin.

Whatever the case and regardless of who is behind these attacks, their repercussions are already rippling across American society and will likely profoundly change the way people regard their increasingly intimate relationships with technology. The crisis comes at a time when “the Internet of things” and “wearable” devices have become trendy strategic management buzzwords being hyped by media and in boardrooms around the world. “The Internet of things” promises a world where even the most mundane appliances and objects will be hooked to the Net, collecting data about the world and the people around them and streaming these back to “big data” analysts figuring out how best to squeeze profits from insights derived from this information deluge.

The spectre of hostile governments like North Korea and belligerent groups such as terrorists and hacktivists seizing control of such far-reaching networks could dampen the general public’s enthusiasm to see such a world materialise and dash Silicon Valley taipans’ hopes for the untold riches it could bring them.

At the moment, social media firms like Facebook and Twitter represent the networks with which ordinary Net users’ lives are most intimately intertwined. But the very new world these brands have created is also putting pressure on their erstwhile open-ended business models, and the reality of their accountability as carriers of information and as investments to their shareholders is starting to bite.

Already, Sony is threatening to sue Twitter for being a part of the spread of its hacked emails. Observers are watching this development closely as it represents a move that raises questions about the on-going viability of social media platforms for disseminating and exchanging information on the most pressing issues and current events transpiring at the moment. While Twitter generally bars the posting of a person’s private information, it allows users to link to such information. This follows Facebook reportedly pulling offline a page used by groups opposed to Russian President Vladimir Putin to accede to the request of the Russian Net watchdog Roskomnadzor.

Interestingly, both Facebook and Twitter started out as self-styled facilitators of freedom of expression and channels for unfettered exchange of information that could potentially “change the world”. Twitter, for one, prides itself on being instrumental to the outcome of the “Arab Spring” series of protests that rocked the Middle East in 2010 that resulted in the overthrow of some national leaders in the region.

The Sony attack and the subsequent cancellation of The Interview screenings, however, so far represent the biggest win delivered by perpetrators of cyberwarfare which, unlike traditional war, brings the battle to the doorsteps and likely right through the doors of the world’s technological elite. How this will shape the world will be an interesting story yet to unfold over the coming months.

“The spectre of hostile governments like North Korea and belligerent groups such as terrorists and hacktivists seizing control of such far-reaching networks could dampen the general public’s enthusiasm to see such a world materialise and dash Silicon Valley taipans’ hopes for the untold riches it could bring them.” This isn’t even the first major incident of a hostile nation using malware to cripple another country’s infrastructure. That distinction goes to the Russian cyber attack on Estonia (arguably the most wired country in Europe) in 2007. Ironically, for an administration that came of age with the Internet, the Obama government seems…

The increasing prevalence of stuff connected to the Net, their penetration deep into the daily lives of ordinary people combined with the consolidation of control over the Net into a handful of powerful platforms like Facebook and Google expose us to the risk of attacks (or failures) that could hit wide and deep with a single well-aimed and well-timed blow.

Is technology as we are applying and embracing it today building a more resilient society? Or is it turning it into a highly-interdependent but brittle one?